Sonntag, 19. Oktober 2014

RF Analyzer - Explore the frequency spectrum with the HackRF on an Android device

Over the last week I've been working on a new project, trying to build a spectrum analyzer for Android that works with my hackrf_android library. Now I finally reached the point were it is stable enough to be useful and I created the GitHub repository today:

It is still very basic and I have a lot of ideas to extend its functionality, but I thought it's better to have testers involved as early as possible. Eventually it should evolve in something similar to GQRX, supporting different modes and devices. But that will take some time!

<UPDATE>

The new version of RF Analyzer (1.07) has now support for AM/FM demodulation! It is now also available on Google Play:

In this blog I'm going to show what you can do with the app and in the end I explain how it is working internally for those who like to play with the source code. I also tried to document the code as good as possible, but it is always easier if the basic flow of the program is explained before looking at it.

What you can do with it

Right now there aren't many fancy features. The app will present you with a simple UI showing the frequency spectrum including a waterfall plot. Here is a list of what you can do right now with version 1.00:

Browse the spectrum by scrolling horizontally

Zoom in and out, both horizontally and vertically

Adjust the sample rate and center frequency to match the current view of the screen by double tapping

Auto scale the vertical axis

Jump directly to a frequency

Adjust the gain settings of the HackRF

Select a pre-recorded file as source instead of a real HackRF

Change the FFT size

Setting the frame rate either to a fixed value or to automatic control

Activate logging and showing the log file

I'm planning to also support the rtl-sdr in the future and of course I want to include the actual demodulation for common analog modes like AM, FM, SSB, ... But so far you can only browse the spectrum. Here is how you get it to work:

Plug the HackRF into your Android device using an OTG (on-the-go) cable. You can get those cables for around 3$ and you can also find them as Y-version which enables external powering the HackRF, for those phones/tablets that don't deliver enough power. After you start RF Analyzer you can hit the start button in the action bar and it should prompt you for the permission to access the USB device. Once you did that the FFT will start:

FFT at 20 Msps showing FLEX pagers at 931 MHz

Use common gestures to zoom and scroll both vertically and horizontally. Note that the vertical axis of the FFT plot also affects the colors of the waterfall plot:

Zoomed in (both vertical and horizontal) view

If you scroll outside the current range of the FFT or if you zoom so that the resolution of the FFT is too low you can simply double tap the screen. RF Analyzer will re-tune the HackRF to the frequency currently centered on the screen and also ajust the sample rate so that the FFT covers exactly the frequency range that is currently visible:

The resolution of the FFT is too low when zoomed in too closely. And we scrolled to far right that we can see the end of the FFT on the right site

After double tapping the HackRF is tuned to 931,61 MHz (note the DC offset peak!) and the sample rate is now adjusted to about 2.5 Msps so that we see the full FFT resolution again

You can also use the autoscale button in the action bar to adjust the vertical scale so that it ranges from the minimum to the maximum of the currently visible values of the FFT:

If you want to jump to a certain frequency, use the 'set frequency' button and it will prompt you to enter a new frequency:

The gain settings of the HackRF (both VGA and LNA gain) can be accessed through the 'set gain' button in the overflow menu:

In the settings activity you can:

Select other source types (currently only HackRF or file source)

Set the FFT size

Set the screen orientation (auto / landscape / portrait)

Turn autostart on and off (so that you don't have to hit the start button every time)

Set the frame rate to auto or a fixed value (useful if you want a linear time axis in the waterfall plot)

Deactivate vertical zoom and scrolling (so that you don't accidentally alter the vertical scale while scrolling through frequencies)

Turn on logging and set the location of the log file.

Show the log file

Settings Activity of RF Analyzer on a Nexus 7

Implementing the file source was helpful for debugging the application. It is also a way to test the app if you don't have an OTG cable or your phone/tablet doesn't output enough power for the HackRF. Selecting the file source type will allow you to use RF Analyzer with recorded samples from hackrf_transfer or Test_HackRF. I've uploaded a short capture of some FLEX pager signals for testing: FLEX Pager at 931MHz (2Msps)

How it works

For those who want to play with the sources of RF Analyzer (GPLv2) I want to quickly explain the internal structure of the app:

To support different devices I defined a common interface that is implemented by all classes which represent sources of IQ samples. The Scheduler will continuously read samples from the source to prevent the receive buffers of the device to fill up. It forwards samples in packets of the size of the FFT to the AnalyzerProcessingLoop by inserting them in a queue. If the queue is full, the samples are thrown away in order to not block the input device. The AnalyzerProcessingLoop also runs in a separate thread and reads the sample packets from the queue, processes them with the help of the FFT class and then calls draw() on the AnalyzerSurface. This method draws the given FFT samples on a SurfaceView and also draws a new line of the waterfall plot as well as the horizontal and vertical axis.

For a more detailed impression of how the app works, have a look into the sources on GitHub. I tried my best to add helpful comments to understand the flow of the program.

If you have any questions, comments or any other input, don't hesitate to leave a comment or contact me directly on Twitter: @dennismantz

Thx! The log file is only for trouble shooting. It contains the android log (logcat). But I will add a record feature to write the samples into a file that can be used with hackrf_transfer and GNU Radio!

@Andre Thank you too ;) Nice to hear this app has encouraged you to buy a HackRF. You won't be disappointed, the HackRF is awesome! Possibilities are endless my app is only a small part of the available software... Have fun with it. PS: Since I'm German too, I planned to translate the app to German as soon as I have enough time ;)

@Gaz Thank you! I'm currently working on a recording feature (to record the raw baseband samples). SSB is planned after that!I'm not a HAM (yet) and I'm less familiar with SSB and CW.. but I hope I get it done anyway ;)

Thank you all for your support. It's been a long time since I had so much fun working on a project!

Hi Dennis, if you implement a recording feature, dont forget that hackrf is able to TX. Im not a programmer, but i guess the way for record from hackrf into a file is similar as transfer to the device. I also tested your latest version v1.09 with RTL-SDR. The spectrum bandwith is 1Mhz (on pc, i5 with usb2.0 a rtl-sdr is able to use 2.8mhz bandwith without dropping frames). Is this a limitation of the mobile hardware or why you choosed only 1Mhz bandwith?

I noticed if option averaging of spectrum is enabled, the waterfall also "average" and looks blurred. If you need sample files recorded with SDR# or something to support you while development of demodulation or any other, feel free to ask.

For the wishlist - for Signal hunting a scanning feature will be cool (choose a bandwith to monitor, choose demodulation, set minimum signalstrength and press scan -> biggest signal in range will be demodulated.

I'll also see what I can do about the blurry waterfall. Might be a little bit complicated the way I have it implemented currently. But I'll try...

Now about the sample rate / band width:I struggled a lot to get the demodulation running on these little devices. There is probably still a lot of optimization potential, but so far it'll only work for low sample rates. 1 MHz was tested to work with the Nexus 7 2012 and that's why I chose it. 2 MHz is to fast to process the signal in real time with the current version. This is really unfortunate because the hackrf doesn't really support 1 MHz and you will have a lot of aliasing images in your spectrum -.- I'll work on that as soon as all the basic features and modes are implemented. If you turn off demodulation, you are able to zoom out and increase the sample rate / band width.

And regarding TX:I have a lot of cool ideas for transmitting already and I will probably separate it into another app to keep things clean. RF Analyzer will only be able to receive/capture and the other app will do all kinds of transmission stuff: pre-recorded samples, audio files, real-time microphone input, maybe even some digital modes in the future...

I been enjoying the latest bells and whistles on your latest RF Analyzer as I left this comment for you on the Google Play Store:" Works as Advertised on a generic Dragon Touch A1X 10.1" $60 Tablet I plugged my HackRF into my cheap tablet and was rewarded by it functioning as advertised. I am sure the developer is overwelmed by requests for additional bells and whistles so please add a spectrum survey logging functionality comprising frequency, time, and signal-strength written to a, "live" file. Something along the lines of the OsmocomSDR Spectrum Sensing and RTL-SDR RTL_POWER apps. I do not need to do any DSP as I just need spectrum survey measurements. It is a great app and is highly recommended. A good learning tool to help inspire a new generation of radio enthusiasts. Keep up the good work Herr Mantz.Dennis Mantz November 17, 2014Thx! Your idea sounds cool. I might be able to combine this with the scanner feature I am planning to implement... It will probably be in the version after the next because the next version is almost ready to release... "

I have an engineer helping me with my HackRF project and we need, "spectrum survey logging functionality comprising frequency, time, and signal-strength written to a, "live" file." Is there any way I could provide a nice donation in exchange for an earlier release of the above functionality?

I'm sorry it took me so long and the feature is still not there.. I didn't knew it is needed by another project (which is awesome by the way!). I will make it highest priority ;)

Just to let you know what delayed me: I'm currently working on a optimized DSP library (written with RenderScript). This took way longer than I expected.. so I will start to do other things in parallel now, starting with the scanning feature.

Just to make sure I start off in the right direction: Could you describe in detail which information you need written to the file? If you have a GitHub account you could add an issue for this new feature and describe it there. Otherwise just send me a mail to dennis.mantz@googlemail.com.

Hi,I've just download your app onto my LG G Pad 8.3 running Android 4.2 While the apps works fine with an RTL-SDR USB I can't get it to run with the Hack RF. The HackRF's USB LED keeps blinking for a few seconds but then stays dark. Stupid question, but do I have to install some sort of driver similar to that one for the RTL-SDR?Greeting, Andreas

Hi Andreas,the HackRF driver is included into the RF Analyzer app. You don't need to install anything else. But this sounds more like a power issue. The HackRF does not get enough power from the USB port of your tablet. Can you try another USB cable (maybe a shorter or higher quality cable)?

good question! So the format of the iq file depends on the SDR device you are using. If you recorded the samples with an RTL-SDR device, the file will look exactly like the files generated by the rtl_sdr command line tools from osmocom (http://sdr.osmocom.org/trac/wiki/rtl-sdr). You could for example use the given GNU Radio flow diagram to use the recordings. Or if you use baudline try this command:

Make sure you replace the sample rate and base frequency with the correct values.

If you used an HackRF, the record files are identical to those generated by hackrf_transfer by Michael Ossmann. There are many ressources out there explaining how somebody could use these files (e.g.: http://blog.kismetwireless.net/2013/08/hackrf-pt-2-gnuradio-companion-and.html).

hiim trying to use hsckrf on a galaxy tab s, android 4.4. the web claims as supported device, but rf scanner app doesnt recognice the source, leds not shine, no usb device detected.the hack rf is working fine on the computrr gnuradio, but not on the tab rf scanner app.testing the galaxy tab s with #usb host controller# app, it claims host support but brings error mesage, #s3c usb host driver not found#, i checked with Kies, and i should have the latest firmware...any idea/help about s3c usb host driver?

So you say no LED does light up when you plug the HackRF to your tab? That looks like a powering problem. Maybe your USB cable is too long or is of bad quality? Try a shorter cable or a powered USB hub! It could solve the problem.. if not please contact me through mail (dennis.mantz@googlemail.com) and we can try to trouble shoot this issue further..

hi Dennis, sorry for stupid question, it seems that RF analyzer can work well without any Linux driver like "hackrf.ko" to be loaded? Is it because "libusb" can access hardware via kernel directly ?? Thanks a lot!

that's not a stupid question ;) In fact I just found a good answer online (so someone else asked himself the same thing):

http://unix.stackexchange.com/a/109555

But be aware that this applies to libhackrf which uses libusb. However hackrf_android (https://github.com/demantz/hackrf_android) is written entirely in Java and uses the Android USB API to access the HackRF.

@ha-pe: Please see this screenshot where I annotated some things: http://imgur.com/w8ZEhua

1 is the modulation mode. It must be set to anything other than OFF in order to see the channel selector

2 is the channel selector. The tiny horizontal green line is the squelch indicator. Drag it up or down to adjust the squelch. The color indicates if the signal is currently stronger than the squelch level (green) or weeker (red -> no audio). The same is true for the signal strenght indicator at 3.

Volume is adjusted through the hardware volume buttons during demodulation. I hope this helps!

Please go to Settings and then click on 'Source Settings'. Scroll all the way down to the option 'Up-/Downconverter Frequency Shift'. There you can enter the frequency difference that your upconverter introduces to the signal. For the Ham-it-up the entered value should be -125000000 (note that this has to be a negative value for an upconverter). This will add the entered frequency offset to the labels on the frequency axis. That's really all it does.. You can also decide to leave the offset at 0 Hz and instead tune to 125 MHz + .

With Marshmallow 6.01 on a Nexus 5X I had no trouble getting HackRF to work, but I had to set the USB connection type to "File Transfer" to get the RTL-SDR dongle working (with default USB setting I get "device not found") Your app works great! Thanks for this!

Very interesting! I've never encountered this on my Nexus 5. Actually I don't even have the possibility to change anything about the USB settings when OTG devices are plugged in. Are you using a Y-OTG-cable to charge your phone and connect it to the RTL dongle at the same time?

HELP NEEDED, I just purchased your app from the play store, and find no instructions for setting it up with RTL dongle, it says source not available (Hack RF) and no options allow me to change to RTL. Do i need to download a driver, or power the RTL with an option for OTG in my galaxy s3? Thanks in advance...

Hi, sorry for that.. there are still some UI improvements to do. You can change the source type from HackRF to RTL-SDR by going to settings (3-dot menu on the top right corner and then settings). Then set the source type to RTL-SDR and try it again!Tell me if you need more help..

Thanks for the prompt tech support, It's really odd, I don't have the ..., wondering if play store has sent me an old version and I need to update it? or just an anomaly with my s3 and jelly bean? I will reinstall and see what happens.